Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral

Hello,

I set up libnss-ldap 259-1 to get user/group information from a Windows 2003 Active Directory server, but I was getting these errors when running "getent passwd".

    root@hardy:/etc# getent passwd
    ... local users ...
    root:x:0:0:root:/root:/bin/bash
    sshd:x:111:65534::/var/run/sshd:/usr/sbin/nologin
    ... users configured on the ADS ...
    Administrator:ABCD!efgh12345$67890:10003:10000:Administrator:/home/Administrator:/bin/sh
    heinzt:ABCD!efgh12345$67890:10000:10002:Heinz Test:/home/heinzt:/bin/bash
    ldap:ABCD!efgh12345$67890:10001:10001:ldap:/home/ldap:/bin/sh
    adsuser:ABCD!efgh12345$67890:10004:100001:ADS User:/home/adsuser:/bin/bash
    Unable to chase referral "ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=de" (-1: Can't contact LDAP server)
    Unable to chase referral "ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,DC=de" (-1: Can't contact LDAP server)
    Unable to chase referral "ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de" (-1: Can't contact LDAP server)

It turned out that these errors were caused by the ADS sending not only data but also strange referrals:

    ldapsearch -x -H ldap://10.2.1.70 -D "CN=ldap,CN=Users,DC=av-verlag,DC=de" -W -b "dc=av-verlag,dc=de"
    .... a lot of ldif here, and at the end of the output: ...
    # search reference
    ref: ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=de

    # search reference
    ref: ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,DC=de

    # search reference
    ref: ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de

These hostnames after the ldap:// are not valid hostnames.
I am wondering where they are coming from.
To work around this problem I added this to /etc/hosts:

    10.2.1.70 ForestDnsZones.av-verlag.de
    10.2.1.70 DomainDnsZones.av-verlag.de
    10.2.1.70 av-verlag.de

This works, but is dirty.

My ADS admin was not able to tell me what these referrals are about, nor does he know how to disable them.
He told me that they are returned by default.

Is this a known problem?
Can I tell libnss-ldap to ignore them somehow?

Best Regards,
Jodok Ole Müllers
Re: Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral

Jodok Ole Müllers wrote:
>
> It turned out that these errors were caused by the ADS sending not only data but also strange referrals:
>
> ldapsearch -x -H ldap://10.2.1.70 -D "CN=ldap,CN=Users,DC=av-verlag,DC=de" -W -b "dc=av-verlag,dc=de"
> .... a lot of ldif here, and at the end of the output: ...
> # search reference
> ref: ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=de
>
> # search reference
> ref: ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,DC=de
>
> # search reference
> ref: ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de
>
> These hostnames after the ldap:// are not valid hostnames.
> I am wondering where they are coming from.
> To work around this problem I added this to /etc/hosts:
> 10.2.1.70 ForestDnsZones.av-verlag.de
> 10.2.1.70 DomainDnsZones.av-verlag.de
> 10.2.1.70 av-verlag.de
>
> This works, but is dirty.
>
> My ADS admin was not able to tell me what these
> referrals are about, nor does he know how to disable them.
> He told me that they are returned by default.
>
> Is this a known problem?
> Can I tell libnss-ldap to ignore them somehow?

I'm not an expert on integrating LDAP with MS ADS by any means (never done it).

Is av-verlag.de your company's domain or in any way related to your company? These two sub listings ForestDnsZones and DomainDnsZones appear to be a standard part of MS ADS and I suspect they are missing from your company's ADS server(s):

http://forums.techarena.in/showthread.php?t=503672
http://www.tomshardware.com/forum/196043-46-forestdnszones-domaindnszones-listed

Found using the following search:
http://www.google.com/search?q=ads+forestdnszones
Re: Active Directory Server and strange referrals like DomainDnsZones ForestDnsZones - Unable to chase referral

Hello Jamin,

thanks for your support.

> Is av-verlag.de your company's domain or in any way related to your
> company?

Yes, it is.

> These two sub listings ForestDnsZones and DomainDnsZones
> appear to be a standard part of MS ADS and I suspect they are missing
> from your company's ADS server(s):

You are right. We have got a test environment with one ADS and that is indeed broken and does not resolve ForestDnsZones and DomainDnsZones in DNS.

Whereas it works on our production environment. Again ldapsearch returns this:

    # search reference
    ref: ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=
     de

    # search reference
    ref: ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,DC=
     de

    # search reference
    ref: ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de

    # numEntries: 3
    # numReferences: 3

But this time the entries do resolve:

    # nslookup ForestDnsZones.av-verlag.de
    Name: ForestDnsZones.av-verlag.de
    Address: 192.168.0.1
    Name: ForestDnsZones.av-verlag.de
    Address: 192.168.0.5
    Name: ForestDnsZones.av-verlag.de
    Address: 192.168.2.2
    Name: ForestDnsZones.av-verlag.de
    Address: 192.168.0.2

    # nslookup DomainDnsZones.av-verlag.de
    Name: DomainDnsZones.av-verlag.de
    Address: 192.168.0.1
    Name: DomainDnsZones.av-verlag.de
    Address: 192.168.2.2
    Name: DomainDnsZones.av-verlag.de
    Address: 192.168.0.2
    Name: DomainDnsZones.av-verlag.de
    Address: 192.168.0.5

    # nslookup av-verlag.de
    Name: av-verlag.de
    Address: 192.168.0.1
    Name: av-verlag.de
    Address: 192.168.0.5
    Name: av-verlag.de
    Address: 85.239.120.40
    Name: av-verlag.de
    Address: 192.168.2.2
    Name: av-verlag.de
    Address: 192.168.0.2
    Name: av-verlag.de
    Address: 192.168.5.2

Thanks a lot for pointing me in the right direction.

Regards,
Jodok
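
The manual comparison in this thread (ldapsearch to see the search references, nslookup to see whether their hosts resolve) can be scripted. The following is an added example, not part of the original thread: it unfolds wrapped LDIF lines such as the "DC=" / " de" pair above, extracts the host of each search reference and lists the hosts that do not resolve. The function names, the RESOLVER variable and the sample input (constructed from the output quoted in the thread) are assumptions of this example.

```sh
#!/bin/sh
# Added example: which hosts do AD search references point at, and do they resolve?

# LDIF folds long lines; a line starting with one space continues the previous one.
ldif_unfold() {
  awk '
    /^ /   { buf = buf substr($0, 2); next }
    NR > 1 { print buf }
           { buf = $0 }
    END    { if (NR > 0) print buf }
  '
}

# Unique host part of every "ref: ldap[s]://host[:port]/dn" line on stdin.
referral_hosts() {
  ldif_unfold |
    sed -n 's|^ref: ldaps\{0,1\}://\([^/:]*\).*|\1|p' |
    LC_ALL=C sort -u
}

# Referral hosts the resolver cannot look up. RESOLVER is an assumption of this
# example: any command that exits non-zero for an unknown name.
unresolved_referrals() {
  referral_hosts | while read -r host; do
    ${RESOLVER:-getent hosts} "$host" >/dev/null 2>&1 || printf '%s\n' "$host"
  done
}

# Constructed sample, shaped like the ldapsearch output quoted in the thread.
sample_ldif() {
  cat <<'EOF'
# search reference
ref: ldap://ForestDnsZones.av-verlag.de/DC=ForestDnsZones,DC=av-verlag,DC=
 de

# search reference
ref: ldap://DomainDnsZones.av-verlag.de/DC=DomainDnsZones,DC=av-verlag,DC=de

# search reference
ref: ldap://av-verlag.de/CN=Configuration,DC=av-verlag,DC=de
EOF
}

# Usage against a live server (command as given in the thread):
#   ldapsearch -x -H ldap://10.2.1.70 -D "CN=ldap,CN=Users,DC=av-verlag,DC=de" \
#     -W -b "dc=av-verlag,dc=de" | unresolved_referrals
```

An empty result means every referral host resolves on the client, which is the state of the production environment described above; any name printed is one the NSS client will fail to chase.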